
APM - Do not send OTP if AD password needs changing


Hi Everyone,

I have a virtual LTM-APM sitting in front of a SharePoint 2019 deployment.  We have an APM policy attached to the VIPs which authenticates users and then sends an OTP via email for login.  All works swimmingly!  Some of our testers noticed that when a user is prompted for an AD password change (i.e. pwd expiration etc.), the APM module still sends an OTP to the user.  Once the password is changed, a new login must be done with the new credentials and another OTP is sent.  A lot of our users are not very tech savvy so they'll get understandably frustrated and report OTP/login as not working.

I've tried to explore some VPE branches but none are jumping out at me as a potential solution.  I have seen another solution on DevNet where a user did an email/captcha, OTP then uname/pword but I feel it's over-engineered and that there should be a simpler solution to this?

Has anybody come across this before or know of a fix?  Any help is appreciated.


EDIT: I'm basically trying to understand if we can get the APM module to not send an OTP if the password needs changing.  There must be an AD attribute that signals a password change is needed?


F5 Employee

Hi Shakeel,
Do you rely on the APM logon page for AD password change? Examples below,

Also, could you post the VPE screenshot?



Hello momahdy!

Thanks for replying and sorry my reply is late.  Yes, we're relying on APM to change the AD password for users whose passwords have expired.  Here is the screenshot of the VPE I have configured.